253 matches found
SUSE CVE-2014-2240
Stack-based buffer overflow in the cf2hintmapbuild function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a large number of stem hints in a font file...
SUSE CVE-2020-5249
In Puma RubyGem before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is...
SUSE CVE-2022-27337
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service DoS via a crafted PDF file...
SUSE CVE-2023-22794
A vulnerability in ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizerhints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...
CVE-2023-22794
A vulnerability in ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizerhints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...
DEBIAN-CVE-2023-22794
A vulnerability in ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizerhints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...
UBUNTU-CVE-2023-22794
A vulnerability in ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizerhints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...
ALPINE-CVE-2022-47952
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates...
Denial Of Service
poppler is vulnerable to denial of service attacks. A logical error in the Hints::Hints function in the Hints.cc file allows an attacker to trick a user into opening a crafted PDf file into the pdftops utility, which causes the program to hang for a long time, leading to a denial of service...
Denial Of Service (DoS)
yauaa is vulnerable to denial of service. The vulnerability exists due to ClientHintsAnalyzer.java improperly handling client hints, allowing an attacker to crash the application through the ArrayIndexOutOfBoundsException by passing a malicious user-agent string when using the client hint analysi...
CVE-2022-23496
Yet Another UserAgent Analyzer Yauaa is a java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an...
Design/Logic Flaw
Yet Another UserAgent Analyzer Yauaa is a java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an...
CVE-2022-23496 A crafted list can trigger a ArrayIndexOutOfBoundsException in Yauaa
Yet Another UserAgent Analyzer Yauaa is a java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an...
CVE-2022-23496 A crafted list can trigger a ArrayIndexOutOfBoundsException in Yauaa
Yet Another UserAgent Analyzer Yauaa is a java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an...
Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List
Impact Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. Applications that do not use this feature are not affected. Patches Upgrade to 7.9.0 Workarounds Catch and discard any exceptions from...
GHSA-C4PM-63CG-9J7H Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List
Impact Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. Applications that do not use this feature are not affected. Patches Upgrade to 7.9.0 Workarounds Catch and discard any exceptions from...
poppler security and bug fix update
21.01.0-13 - Dont run out of file for Hints - Rebuild for 2096451 - Resolves: 2090970, 2096451...
The vulnerability of the Hints::Hints function (poppler/Hints.cc) in the Poppler PDF rendering library allows a attacker to cause a service failure.
The vulnerability of the Hints::Hints function in the Poppler PDF rendering library is related to errors during resource release. Exploiting this vulnerability allows an attacker to cause service interruptions through a specially created PDF file...
poppler: A logic error in the Hints::Hints function can cause denial of service
A logic error was found in Popplers' Hints::Hints function in the Hints.cc file. This flaw allows an attacker to trick a user into opening a crafted PDf file into the pdftops utility, which causes the program to hang for a long time, leading to a denial of service...
poppler: A logic error in the Hints::Hints function can cause denial of service
A logic error was found in Popplers' Hints::Hints function in the Hints.cc file. This flaw allows an attacker to trick a user into opening a crafted PDf file into the pdftops utility, which causes the program to hang for a long time, leading to a denial of service...